author | Alyssa Ross <hi@alyssa.is> | 2019-01-07 02:18:36 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-01-07 02:18:47 +0000 |
commit | 36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2 (patch) | |
tree | b3faaf573407b32aa645237a4d16b82778a39a92 /nixpkgs/pkgs/development/libraries/openssl | |
parent | 4e31070265257dc67d120c27e0f75c2344fdfa9a (diff) | |
parent | abf060725d7614bd3b9f96764262dfbc2f9c2199 (diff) | |
Add 'nixpkgs/' from commit 'abf060725d7614bd3b9f96764262dfbc2f9c2199'
git-subtree-dir: nixpkgs git-subtree-mainline: 4e31070265257dc67d120c27e0f75c2344fdfa9a git-subtree-split: abf060725d7614bd3b9f96764262dfbc2f9c2199
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/openssl')
6 files changed, 280 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch
new file mode 100644
index 000000000000..5765409fdd57
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch
@@ -0,0 +1,16 @@
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index e6d0e6e1a6..b89456fd87 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -97,7 +97,10 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+ switch (cmd) {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT) {
+- file = ossl_safe_getenv(X509_get_default_cert_file_env());
++ file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
++
++ if (!file)
++ file = ossl_safe_getenv(X509_get_default_cert_file_env());
+
+ if (file)
+ ok = (X509_load_cert_crl_file(ctx, file,
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs-darwin.patch b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs-darwin.patch
new file mode 100644
index 000000000000..3d9ee7e6a822
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs-darwin.patch
@@ -0,0 +1,13 @@
+diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
+--- openssl-1.0.1r-orig/crypto/cryptlib.h 2016-01-28 14:38:30.000000000 +0100
++++ openssl-1.0.1r/crypto/cryptlib.h 2016-02-03 12:54:29.193165176 +0100
+@@ -81,8 +81,8 @@
+
+ # ifndef OPENSSL_SYS_VMS
+ # define X509_CERT_AREA OPENSSLDIR
+ # define X509_CERT_DIR OPENSSLDIR "/certs"
+-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
++# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
+ # define X509_PRIVATE_DIR OPENSSLDIR "/private"
+ # else
+ # define X509_CERT_AREA "SSLROOT:[000000]"
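Review bot: In by_file_ctrl (1.0.2/nix-ssl-cert-file.patch) the added lookup gives `NIX_SSL_CERT_FILE` precedence over the variable named by `X509_get_default_cert_file_env()` with no comment, although this value decides which CA bundle the default file lookup trusts. I would add a comment above the first getenv, for example `/* Nix: NIX_SSL_CERT_FILE overrides SSL_CERT_FILE; both go through ossl_safe_getenv */`, after confirming that ossl_safe_getenv ignores the environment for privileged processes in both patched versions. When the variable is set but names a missing or unreadable file, the visible lines do not retry with the upstream variable; the handling of `ok` continues outside the hunk, so whether that case fails closed has to be checked there. The same applies to 1.1/nix-ssl-cert-file.patch.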
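Review bot: The compiled-in default trust store in 1.0.2/use-etc-ssl-certs-darwin.patch becomes a path under a mutable profile, `/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt`, rather than a file inside the package prefix, and the patch carries no comment on who is expected to control that path. Who may write to that profile depends on how Nix was installed, which the patch cannot show, so the patch header should state that the bundle must be writable by root only and that verification is expected to fail when it is absent. The Linux variant, 1.0.2/use-etc-ssl-certs.patch, hard-codes `/etc/ssl/certs/ca-certificates.crt` in the same way, and both headers still name openssl-1.0.1r although default.nix applies them to 1.0.2q. `X509_CERT_DIR` stays at `OPENSSLDIR "/certs"`, so the file and directory defaults now resolve to different locations.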
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs.patch b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs.patch
new file mode 100644
index 000000000000..813c6bdf44ab
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs.patch
@@ -0,0 +1,13 @@
+diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
+--- openssl-1.0.1r-orig/crypto/cryptlib.h 2016-01-28 14:38:30.000000000 +0100
++++ openssl-1.0.1r/crypto/cryptlib.h 2016-02-03 12:54:29.193165176 +0100
+@@ -81,8 +81,8 @@
+
+ # ifndef OPENSSL_SYS_VMS
+ # define X509_CERT_AREA OPENSSLDIR
+ # define X509_CERT_DIR OPENSSLDIR "/certs"
+-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
++# define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt"
+ # define X509_PRIVATE_DIR OPENSSLDIR "/private"
+ # else
+ # define X509_CERT_AREA "SSLROOT:[000000]"
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch b/nixpkgs/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch
new file mode 100644
index 000000000000..9e871cfb1d31
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch
@@ -0,0 +1,15 @@
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index 244512c935..f0b70d7ea1 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -46,7 +46,9 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+ switch (cmd) {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT) {
+- file = ossl_safe_getenv(X509_get_default_cert_file_env());
++ file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
++ if (!file)
++ file = ossl_safe_getenv(X509_get_default_cert_file_env());
+ if (file)
+ ok = (X509_load_cert_crl_file(ctx, file,
+ X509_FILETYPE_PEM) != 0);
diff --git a/nixpkgs/pkgs/development/libraries/openssl/chacha.nix b/nixpkgs/pkgs/development/libraries/openssl/chacha.nix
new file mode 100644
index 000000000000..f07ebad9e810
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/chacha.nix
@@ -0,0 +1,82 @@
+{ stdenv, fetchFromGitHub, perl, zlib
+, withCryptodev ? false, cryptodev
+}:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+ name = "openssl-chacha-${version}";
+ version = "2016-08-22";
+
+ src = fetchFromGitHub {
+ owner = "PeterMosmans";
+ repo = "openssl";
+ rev = "293717318e903b95f4d7e83a98a087282f37efc3";
+ sha256 = "134j3anjnj2q99xsd8d47bwvjp73qkdsimdd9riyjxa3hd8ysr00";
+ };
+
+ outputs = [ "bin" "dev" "out" "man" ];
+ setOutputFlags = false;
+
+ nativeBuildInputs = [ perl zlib ];
+ buildInputs = stdenv.lib.optional withCryptodev cryptodev;
+
+ configureScript = "./config";
+
+ configureFlags = [
+ "zlib"
+ "shared"
+ "experimental-jpake"
+ "enable-md2"
+ "enable-rc5"
+ "enable-rfc3779"
+ "enable-gost"
+ "--libdir=lib"
+ "--openssldir=etc/ssl"
+ ] ++ stdenv.lib.optionals withCryptodev [
+ "-DHAVE_CRYPTODEV"
+ "-DUSE_CRYPTODEV_DIGESTS"
+ ];
+
+ makeFlags = [
+ "MANDIR=$(man)/share/man"
+ ];
+
+ # Parallel building is broken in OpenSSL.
+ enableParallelBuilding = false;
+
+ postInstall = ''
+ # If we're building dynamic libraries, then don't install static
+ # libraries.
+ if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
+ rm "$out/lib/"*.a
+ fi
+
+ mkdir -p $bin
+ mv $out/bin $bin/
+
+ mkdir $dev
+ mv $out/include $dev/
+
+ # remove dependency on Perl at runtime
+ rm -r $out/etc/ssl/misc
+
+ rmdir $out/etc/ssl/{certs,private}
+ '';
+
+ postFixup = ''
+ # Check to make sure we don't depend on perl
+ if grep -r '${perl}' $out; then
+ echo "Found an erroneous dependency on perl ^^^" >&2
+ exit 1
+ fi
+ '';
+
+ meta = {
+ homepage = https://www.openssl.org/;
+ description = "A cryptographic library that implements the SSL and TLS protocols";
+ platforms = [ "x86_64-linux" ];
+ maintainers = [ stdenv.lib.maintainers.cstrahan ];
+ license = licenses.openssl;
+ priority = 10; # resolves collision with ‘man-pages’
+ };
+}
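Review bot: `meta.description` and `meta.homepage` in chacha.nix are copied from the mainline package even though `configureFlags` turns on `zlib`, `enable-md2`, `enable-rc5` and `experimental-jpake` and `src` pins a fork revision labelled `2016-08-22`, so nothing tells a user that this build should not protect real traffic. If it exists to give TLS testing tools access to legacy algorithms (an assumption; the file does not say), state that, e.g. `description = "OpenSSL fork with legacy and experimental algorithms enabled, for testing TLS endpoints only";`, and point `homepage` at the fork. The derivation also applies none of the cert-file patches that default.nix lists, so its default CA locations presumably resolve under `--openssldir=etc/ssl` in the output, where `postInstall` removes `certs`; a comment should say whether that is intended.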
diff --git a/nixpkgs/pkgs/development/libraries/openssl/default.nix b/nixpkgs/pkgs/development/libraries/openssl/default.nix new file mode 100644 index 000000000000..32fd6e727f7d --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/openssl/default.nix 
@@ -0,0 +1,141 @@ +{ stdenv, fetchurl, buildPackages, perl, coreutils +, withCryptodev ? false, cryptodev +, enableSSL2 ? false +, static ? false +}: + +with stdenv.lib; + +let + common = args@{ version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec { + name = "openssl-${version}"; + + src = fetchurl { + url = "https://www.openssl.org/source/${name}.tar.gz"; + inherit sha256; + }; + + inherit patches; + + postPatch = '' + patchShebangs Configure + '' + optionalString (versionOlder version "1.1.0") '' + patchShebangs test/* + for a in test/t* ; do + substituteInPlace "$a" \ + --replace /bin/rm rm + done + '' + optionalString (versionAtLeast version "1.1.1") '' + substituteInPlace config --replace '/usr/bin/env' '${coreutils}/bin/env' + '' + optionalString (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) '' + substituteInPlace crypto/async/arch/async_posix.h \ + --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \ + '!defined(__ANDROID__) && !defined(__OpenBSD__) && 0' + ''; + + outputs = [ "bin" "dev" "out" "man" ] ++ optional withDocs "doc"; + setOutputFlags = false; + separateDebugInfo = stdenv.hostPlatform.isLinux; + + nativeBuildInputs = [ perl ]; + buildInputs = stdenv.lib.optional withCryptodev cryptodev; + + # TODO(@Ericson2314): Improve with mass rebuild + configurePlatforms = []; + configureScript = { + "x86_64-darwin" = "./Configure darwin64-x86_64-cc"; + "x86_64-solaris" = "./Configure solaris64-x86_64-gcc"; + "armv6l-linux" = "./Configure linux-armv4 -march=armv6"; + "armv7l-linux" = "./Configure linux-armv4 -march=armv7-a"; + }.${stdenv.hostPlatform.system} or ( + if stdenv.hostPlatform == stdenv.buildPlatform + then "./config" + else if stdenv.hostPlatform.isMinGW + then "./Configure mingw${optionalString + (stdenv.hostPlatform.parsed.cpu.bits != 32) + (toString stdenv.hostPlatform.parsed.cpu.bits)}" + else if stdenv.hostPlatform.isLinux + then "./Configure linux-generic${toString 
stdenv.hostPlatform.parsed.cpu.bits}" + else if stdenv.hostPlatform.isiOS + then "./Configure ios${toString stdenv.hostPlatform.parsed.cpu.bits}-cross" + else + throw "Not sure what configuration to use for ${stdenv.hostPlatform.config}" + ); + + configureFlags = [ + "shared" # "shared" builds both shared and static libraries + "--libdir=lib" + "--openssldir=etc/ssl" + ] ++ stdenv.lib.optionals withCryptodev [ + "-DHAVE_CRYPTODEV" + "-DUSE_CRYPTODEV_DIGESTS" + ] ++ stdenv.lib.optional enableSSL2 "enable-ssl2" + ++ stdenv.lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng"; + + makeFlags = [ "MANDIR=$(man)/share/man" ]; + + enableParallelBuilding = true; + + postInstall = + stdenv.lib.optionalString (!static) '' + # If we're building dynamic libraries, then don't install static + # libraries. + if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then + rm "$out/lib/"*.a + fi + + '' + + '' + mkdir -p $bin + substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl} ${perl} + mv $out/bin $bin/ + + mkdir $dev + mv $out/include $dev/ + + # remove dependency on Perl at runtime + rm -r $out/etc/ssl/misc + + rmdir $out/etc/ssl/{certs,private} + ''; + + postFixup = '' + # Check to make sure the main output doesn't depend on perl + if grep -r '${buildPackages.perl}' $out; then + echo "Found an erroneous dependency on perl ^^^" >&2 + exit 1 + fi + ''; + + meta = with stdenv.lib; { + homepage = https://www.openssl.org/; + description = "A cryptographic library that implements the SSL and TLS protocols"; + license = licenses.openssl; + platforms = platforms.all; + maintainers = [ maintainers.peti ]; + priority = 10; # resolves collision with ‘man-pages’ + }; + }; + +in { + + openssl_1_0_2 = common { + version = "1.0.2q"; + sha256 = "115nisqy7kazbg6br2wrcra9nphyph1l4dgp563b9cf2rv5wyi2p"; + patches = [ + ./1.0.2/nix-ssl-cert-file.patch + + (if stdenv.hostPlatform.isDarwin + then 
./1.0.2/use-etc-ssl-certs-darwin.patch + else ./1.0.2/use-etc-ssl-certs.patch) + ]; + }; + + openssl_1_1 = common { + version = "1.1.1a"; + sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w"; + patches = [ ./1.1/nix-ssl-cert-file.patch ]; + withDocs = true; + }; + +} |
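Review bot: `openssl_1_1` lists only `./1.1/nix-ssl-cert-file.patch`, while `openssl_1_0_2` also patches `X509_CERT_FILE` to a system bundle, so for 1.1.1a the compiled-in CA file presumably stays under `--openssldir=etc/ssl` inside the output, where `postInstall` removes `certs`. If so, programs linked against 1.1 can verify peers only when `NIX_SSL_CERT_FILE` or `SSL_CERT_FILE` is set; that fails closed, but it is a behavioural difference between the two attributes that deserves a comment or a matching 1.1 patch. Separately, the `enableSSL2` argument adds `enable-ssl2` for every version without explanation; a comment such as `# SSLv2 is broken; enable only for interoperability testing` next to it would keep it from being switched on casually.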